diff --git a/routers/web/repo/attachment.go b/routers/web/repo/attachment.go index fb95e63ec..dd2424802 100644 --- a/routers/web/repo/attachment.go +++ b/routers/web/repo/attachment.go @@ -110,11 +110,6 @@ func ServeAttachment(ctx *context.Context, uuid string) { return } } else { // If we have the repository we check access - context.CheckRepoScopedToken(ctx, repository) - if ctx.Written() { - return - } - perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go index a92814ece..ff6272648 100644 --- a/tests/integration/attachment_test.go +++ b/tests/integration/attachment_test.go @@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) { // Validate that attachment is available req = NewRequest(t, "GET", "/attachments/"+uuid) session.MakeRequest(t, req, http.StatusOK) + + // anonymous visit should be allowed because user2/repo1 is a public repository + MakeRequest(t, req, http.StatusOK) } func TestGetAttachment(t *testing.T) {